Conduct risk: Aligning product, customer and value

Conduct risk: Aligning product, customer and value

Contact us

Also on KPMG.com

KPMG explores the challenges that the integrated Irish financial services sector faces when it comes to measuring and managing conduct risk and how we can ensure positive outcomes across product design, customer outcome and value.

“When it comes to conduct risk, people confuse compliance with culture, but compliance is the bare minimum; culture is something more. It encompasses the client outcome and how organisations align their interests with the customers’ long term interests.”

So comments Gillian Kelly, Partner, Risk Consulting at KPMG, when reflecting on key conduct risks in the Irish financial services sector and how to develop a conduct culture that’s squarely focused on achieving the right balance of customers’ best interests and profitability.

This is a key issue right across the financial services spectrum – from banking to insurance to wealth management to financial planning, particularly in the vertically integrated model the Irish market is predominantly built on.

The continuum of ethical culture

The Irish market is certainly at a key point of transition in terms of managing conduct risk.

The advent of the Consumer Protection Risk Assessment (“CPRA”) and the Central Bank’s large scale thematic reviews such as the Payment Protection Insurance (“PPI”) investigation and Tracker Mortgage investigation has provided renewed focus on measures to improve consumer outcomes – particularly in regard to providing confidence in the wider financial system and ensuring consumers are treated fairly.

But market participants are now realising that regulation is just one small part of the equation – developing a culture of ethical conduct is about having the right people, systems and processes in place to:

establish an ethical vision, that aligns product, customer and value;

create a practical framework to identify, measure, manage and mitigate risks; and

monitor and reward ethical behaviour while ensuring there are clear consequences for unethical behaviour.

‘Conduct Risk’ is defined as the risk a financial services firm poses to its customers from its direct interaction with them.

A key realisation is that ethical culture is a continuum. While bad culture and conduct is a clear problem that can be addressed and called out, good culture and conduct is seldom recognised and rewarded. Many organisations ignore the problem of poor culture and conduct – that is, where the culture isn’t deliberately bad, but there are key failures or a lack of a consistent message about expectations around ethical policies, procedures and behaviour, notes Gillian Kelly.

“What’s important is articulating a clear vision and agenda for ethical conduct and the creation of an ethical environment led from the top. If this isn’t done, the vacuum is often filled by poor conduct and culture,” comments Gillian Kelly.

The role of regulation and the bare minimum

Following a successful pilot, the Central Bank has introduced a new consumer protection risk assessment model, the Consumer Protection Risk Assessment.

“Our new supervisory model enables supervisors to assess how firms’ consumer protection risk management frameworks are designed and governed and, importantly, how effective they are in practice at delivering fair consumer outcomes.” Bernard Sheridan, Director of Consumer Protection, Central Bank

These measures will provide greater power to the Central Bank, and build upon the work they are undertaking in relation to a variety of areas including but not limited to firm culture, client categorisation, provision of information to clients, conflicts of interest and the new intervention power provided in the CPRA. Organisations will need to ensure that their internal processes and procedures for identifying and mitigating conduct risks not only meet Central Bank expectations, but reduce the likelihood of future costly remediation events. They will have to embed consideration of customer outcomes into strategic decision making.

The requirements of the CPRA are well known at this stage and are already changing the Irish financial services landscape. But is enforcement the answer to creating real customer value? It’s a critical part of the equation, but by no means the most important. “If you’re waiting for regulation to determine the framework, you’re five years out of date,” comments Gillian Kelly. “We should be five years ahead of the regulator and helping to set the agenda.” The issue is that compliance in and of itself sets a bare minimum that institutions don’t tend to exceed. And when it comes to conduct, we should be aiming for best practice rather than bare minimum.

The CPRA should not be read as a prescriptive solution. Organisations need to ensure compliance with the main facets of the CPRA. However, it is vital that each organisation tailors its solution for the operations and governance of its business, in order for it to be established as a living, breathing organism founded in the culture of the organisation.

Key conduct risk and culture issues in Irish financial services

Poor customer outcomes are broadly split across three areas:

Inherent information asymmetry in sales and communications;

Structures and behaviours that create conflicts of interest; and

Environmental factors that exacerbate conduct risk.

Rebalancing information asymmetry

Information asymmetry exists in sales of financial products when the provider of a product has a detailed understanding of the product, while a consumer is generally less well informed. Retail customers place a degree of trust and reliance upon the sales person to provide personalised advice based on their best interests. They generally expect an adequate and clear disclosure regarding the product or service. Global regulators have criticised the sales process and clarity of customer communications as a driver of poor customer outcomes. This process can leave customers with products that do not perform as they were led to expect.

A new risk is also emerging due to an increasing focus on financial innovation, which can create unexpected and unique customer impacts (for example, the use of social media to promote products).

Historically, regulatory responses have sought to address these imbalances by providing prescriptive requirements for disclosure (e.g. a key facts document and product disclosure document). Also, by setting professional standards for sales advisers in an attempt to rebalance information asymmetry.

Firms will only truly embed conduct risk management into their business by looking beyond the potential regulatory enhancements.

Changing incentive cultures

In the past a key issue facing the Irish market has been the structure of sales incentives, and how this encourages or discourages positive customer outcomes. An obvious and much discussed problem is the tension between the need for sales teams to meet ever increasing targets versus the need to suit the right product to the right customer at the right pricing.

This issue has been even more problematic in the Irish market, where consolidation and the integration of advice, banking, wealth management and insurance potentially amplifies conduct risk. “Compensation structures can have a significant influence on culture. It is important that ‘good culture’ is marked by specific values and that these behaviours are appropriately rewarded,” notes Janina Sweeney, Director, Risk Consulting.

Competition can be a key driver for ethical conduct – when consumers have more choice the motivation to clearly benefit the customer is much higher. At the same time, vertical integration of wealth, banking and insurance can create environments that can be challenging when it comes to conduct, particularly around sales incentives.

The Central Bank has sought to address this through the publication of ‘Guidelines on Variable Remuneration Arrangements for Sales Staff.’ The evolution in thought has led to “An onus on financial services providers to have in place structures that facilitate sales staff to act at all times in the best interests of consumers.”

FinCoNet’s ‘Report on Sales Incentives and Responsible Lending – A study of the impact of sales incentives on the sale of credit products’ found evidence that poorly designed sales incentives has the potential to cause harm to consumers, individual firms and the financial system. FinCoNet developed and published ‘Guidance to Supervisors on the setting of Standards in the field of Sales Incentives and Responsible Lending’ which, “aims to further contribute to the promotion of sound market conduct and strong consumer protection through the efficient and effective conduct supervision of sales incentives and responsible lending.”

Environmental factors in focus

While information asymmetry and incentive and other remuneration structures are well within the control of the institution, there are bigger macro trends at play that may also heighten conduct risk. These include economic and market trends, particularly, technological innovation. The digital provision of products is generating ‘click risk’, which is essentially the risk that every time new terms and conditions or upgrade options emerge people tend to click without examining further.

At the same time, regulation around new capital requirements for banks and other financial institutions is creating more cost, which is being passed on to consumers. There are ethical implications around the extent to which costs like this should be worn by the customers.

New ways to measure conduct risk

Technology may just hold the key to moving forward when it comes to creating even better conduct risk frameworks. An exciting development is how emerging technologies can help measure and manage conduct risk. “There is advanced trading technology that has the functionality to monitor 100% of transactions and identify misconduct.” comments Owen Lewis, Partner in Management Consulting.

KPMG’s Product Stress test tool is utilised to assess products and ensure that it operates as intended and the associated conduct risks are appropriately managed. This could certainly revolutionise the measurement of conduct and ethical behaviour and help institutions differentiate themselves.

Aligning product, customer and value

Conduct risk is driven by multiple factors in a firm’s business model – all elements can impact customer outcomes.

Good conduct is not simply about ensuring customer satisfaction, but delivering a good outcome for the customer. This goes beyond process and procedure – good conduct aims to deliver value for the customer and the shareholder with a balance of customer outcome and profitability for the organisation (for example considering the specific conduct risks that might arise from a particular product penetration strategy).

Case Studies

Conduct Risk Framework

With the increased focus on conduct and culture particularly within Irish retail banking, a major Irish bank proactively engaged KPMG to undertake the design and implementation of the conduct risk and control framework for the bank. KPMG used European Union regulation and global best practice as primary benchmarks.

This Conduct Risk Management Framework was established to help ensure that the client achieves its strategic objective by acting honestly, fairly and professionally in the best interests of its customers and the integrity of the market, and acts with due skill, care and diligence. However, whilst the avoidance of poor customer outcomes is clearly a requirement of an effective Conduct Risk Management Framework, the client did not consider this to be a sufficient objective. Instead, the client aimed to build a business that places customers more clearly at the centre of its strategy and operations, and seeks positive assurance of the delivery of good outcomes throughout all stages of the customer journey.

The Framework enables the client to measure, manage and control the risk of causing poor customer outcomes or impacting market integrity because of inappropriate actions in the execution of its business.

Supporting enforcement activity

The government, media and Central Bank have all been intensely focussed on the financial advice industry for a number of years, seeking to both hold providers of financial advice to account and seeking to improve the conduct of financial institutions. KPMG has been engaged by a number of large financial institutions to assist them in addressing regulator concerns and to improve their processes for ensuring advice is provided in a compliant manner.

The introduction of the CPRA highlights the Central Bank’s expectation that authorised entities put in place processes to encourage and promote positive client focussed culture and the Central Bank’s strict approach towards conduct that is deemed inappropriate or unacceptable.

KPMG’s engagements have included acting alongside the Central Bank where our role sees us independently overseeing the changes made by our clients and in other cases helping to ensure that the processes they put in place to manage the risk of poor conduct by the client are aligned with the Central Banks’ expectations. We attempt to put ourselves in the regulator’s shoes and assess the changes being made by an organisation to address the regulator’s concerns. We are seeing an increased focus by the regulator on the cultural aspects of managing a compliant organisation and an expectation that the risks posed by poor conduct are considered and addressed as evidenced in the ‘Cultural assessment and transformation and the Risk Culture papers’ published by KPMG Ireland.